[kernel] r16957 - in dists/squeeze/linux-2.6/debian: . patches/bugfix/all patches/debian patches/series

Ben Hutchings benh at alioth.debian.org
Tue Mar 1 02:19:36 UTC 2011 

Author: benh
Date: Tue Mar  1 02:19:31 2011
New Revision: 16957

Log:
drm: Fix unsigned vs signed comparison issue in modeset ctl ioctl (CVE-2011-1013)

Added:
   dists/squeeze/linux-2.6/debian/patches/bugfix/all/drm-fix-unsigned-vs-signed-comparison-issue-in-modes.patch
   dists/squeeze/linux-2.6/debian/patches/debian/drm-Avoid-ABI-change-from-fix-for-CVE-2011-1013.patch
Modified:
   dists/squeeze/linux-2.6/debian/changelog
   dists/squeeze/linux-2.6/debian/patches/series/31

Modified: dists/squeeze/linux-2.6/debian/changelog
==============================================================================
--- dists/squeeze/linux-2.6/debian/changelog	Mon Feb 28 19:50:26 2011	(r16956)
+++ dists/squeeze/linux-2.6/debian/changelog	Tue Mar  1 02:19:31 2011	(r16957)
@@ -36,6 +36,8 @@
   * iowarrior: Don't trust report_size for buffer size (CVE-2010-4656)
   * ALSA: caiaq - Fix possible string-buffer overflow (CVE-2011-0712)
   * fs/partitions: Validate map_count in Mac partition tables (CVE-2011-1010)
+  * drm: Fix unsigned vs signed comparison issue in modeset ctl ioctl
+    (CVE-2011-1013)
 
   [ dann frazier ]
   * xfs: fix information leak using stale NFS handle (CVE-2010-2943)

Added: dists/squeeze/linux-2.6/debian/patches/bugfix/all/drm-fix-unsigned-vs-signed-comparison-issue-in-modes.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/squeeze/linux-2.6/debian/patches/bugfix/all/drm-fix-unsigned-vs-signed-comparison-issue-in-modes.patch	Tue Mar  1 02:19:31 2011	(r16957)
@@ -0,0 +1,36 @@
+From: Dave Airlie <airlied at redhat.com>
+Date: Thu, 24 Feb 2011 08:35:06 +1000
+Subject: [PATCH] drm: fix unsigned vs signed comparison issue in modeset ctl ioctl.
+
+commit 1922756124ddd53846877416d92ba4a802bc658f upstream.
+
+This fixes CVE-2011-1013.
+
+Reported-by: Matthiew Herrb (OpenBSD X.org team)
+Cc: stable at kernel.org
+Signed-off-by: Dave Airlie <airlied at redhat.com>
+[bwh: Adjust for Debian's 2.6.32]
+---
+--- a/drivers/gpu/drm/drm_irq.c
++++ b/drivers/gpu/drm/drm_irq.c
+@@ -543,7 +543,8 @@ int drm_modeset_ctl(struct drm_device *dev, void *data,
+ 		    struct drm_file *file_priv)
+ {
+ 	struct drm_modeset_ctl *modeset = data;
+-	int crtc, ret = 0;
++	int ret = 0;
++	unsigned int crtc;
+ 
+ 	/* If drm_vblank_init() hasn't been called yet, just no-op */
+ 	if (!dev->num_crtcs)
+--- a/include/drm/drmP.h
++++ b/include/drm/drmP.h
+@@ -1020,7 +1020,7 @@ struct drm_device {
+ 	struct pci_controller *hose;
+ #endif
+ 	struct drm_sg_mem *sg;	/**< Scatter gather memory */
+-	int num_crtcs;                  /**< Number of CRTCs on this device */
++	unsigned int num_crtcs;                  /**< Number of CRTCs on this device */
+ 	void *dev_private;		/**< device private data */
+ 	void *mm_private;
+ 	struct address_space *dev_mapping;

Added: dists/squeeze/linux-2.6/debian/patches/debian/drm-Avoid-ABI-change-from-fix-for-CVE-2011-1013.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/squeeze/linux-2.6/debian/patches/debian/drm-Avoid-ABI-change-from-fix-for-CVE-2011-1013.patch	Tue Mar  1 02:19:31 2011	(r16957)
@@ -0,0 +1,27 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Tue, 1 Mar 2011 01:54:06 +0000
+Subject: [PATCH] drm: Avoid ABI change from fix for CVE-2011-1013
+
+---
+ include/drm/drmP.h |    5 ++++-
+ 1 files changed, 4 insertions(+), 1 deletions(-)
+
+diff --git a/include/drm/drmP.h b/include/drm/drmP.h
+index c6c8eb9..a8cd0ae 100644
+--- a/include/drm/drmP.h
++++ b/include/drm/drmP.h
+@@ -1020,7 +1020,10 @@ struct drm_device {
+ 	struct pci_controller *hose;
+ #endif
+ 	struct drm_sg_mem *sg;	/**< Scatter gather memory */
+-	unsigned int num_crtcs;                  /**< Number of CRTCs on this device */
++#ifndef __GENKSYMS__
++	unsigned
++#endif
++	int num_crtcs;                  /**< Number of CRTCs on this device */
+ 	void *dev_private;		/**< device private data */
+ 	void *mm_private;
+ 	struct address_space *dev_mapping;
+-- 
+1.7.4.1
+

Modified: dists/squeeze/linux-2.6/debian/patches/series/31
==============================================================================
--- dists/squeeze/linux-2.6/debian/patches/series/31	Mon Feb 28 19:50:26 2011	(r16956)
+++ dists/squeeze/linux-2.6/debian/patches/series/31	Tue Mar  1 02:19:31 2011	(r16957)
@@ -43,3 +43,5 @@
 + bugfix/all/fs-partitions-Validate-map_count-in-Mac-partition-ta.patch
 + features/all/hwmon-k10temp.patch
 + bugfix/all/HID-add-support-for-Acan-FG-8100-barcode-reader.patch
++ bugfix/all/drm-fix-unsigned-vs-signed-comparison-issue-in-modes.patch
++ debian/drm-Avoid-ABI-change-from-fix-for-CVE-2011-1013.patch

More information about the Kernel-svn-changes mailing list